More than 30% of US organizations report experiencing a major AI-related security incident in the past 12 months.

Nearly 70% of US CISOs and senior security leaders say they are actively following AI-related regulations or standards.

85% of IT professionals report having AI policies or oversight mechanisms in place.

56% of organizations now deploy AI broadly across multiple IT workflows or at business‑critical scale.

2% of organizations report no AI use at all.

Nearly 72% of IT organizations have created dedicated AI roles or teams, and another 13% plan to do so.

45% of IT professionals plan to use AI to automate patch deployment within the next 24 months.

42% of IT professionals say accountability for AI decisions is clear.

24% of IT professionals say AI policies are followed very consistently in day‑to‑day work.

68% of IT professionals have personally seen AI generate hallucinations with potential operational impact.

Nearly a quarter of IT professionals cite data challenges as the biggest barrier to AI deployment.

Nearly a third of the most mature IT organizations are still operating without fully embedded governance.

Direct ransomware attacks on financial institutions spiked 76% year-over-year in Q1 2026.

Across all financial services vendors, 50.2% carry high-severity CVEs.

The number of distinct threat groups targeting finance increased from 37 in 2023 to 45 in 2024 and to 48 in 2025.

Over 48,000 CVEs were published globally in 2025, an 18% year-on-year increase.

In September 2025, Qilin's compromise of a single South Korean MSP affected 32 financial institutions and resulted in over 2 terabytes of stolen data.

Qilin was responsible for 59 finance-sector incidents in the past year.

15% of security leaders cite misalignment with internal security policies as a major concern with AI-generated code.

90% of security leaders have active concerns about security risks introduced by AI-generated code.